The present invention relates to an information processing system, and more particularly, to an information processing system for managing user verification and access rights in a computer network.
In a network system such as the Internet, local area networks (LANs) are formed in units of organizations, such as companies, and each local network is connected to a wide area network (WAN). To counter attacks from outside the local network, a mechanism is placed at the connection between the wide area network and the local network to control access to the local network from the wide area network.
When providing an external device with a service via the wide area network, the number of machines that can be directly accessed from the external device is restricted (normally, to one). This restricted external connection machine performs a front end process to provide the service. Restricting the external connection machine limits the damage inflicted on the network when the network is infiltrated from outside.
When an external device is provided with service, such as CAD designs or various analyses, an information processing system includes a web server (external connection machine), which functions as a window for the service, and a processing machine, which processes the provided service. The web server performs the front end process and verifies the user (external user), who is trying to receive the service. Based on instructions from a verified user, the web server requests the processing machine to perform a process (job) corresponding to the service. The web server receives a job result from the processing machine and provides (sends) the result to the user.
There is a problem with access rights when the web server requests the processing machine to perform a process. Ideally, an account would be set for each job to restrict access to the files, data, and programs that are required for providing the service. However, a job requested from the web server carries the account of the web server, which is the requester of the job. In other words, every job runs under the same account. Accordingly, access to files or the like is not restricted in accordance with each user.
Conventionally, there are three ways to address this problem.
(1) Use a Local Network Verification Mechanism
A user logs in to the local network using a username and a password, which are registered in a verification mechanism of the local network. An account, which is obtained through the login, differs from the account of the front end process of a web server. Thus, access is controlled in accordance with each user.
Japanese Laid-Open Patent Publication No. 11-31132 describes an external connection machine including a device that maps user accounts of an external connection machine (i.e., accounts that are valid only in the web server) and accounts of a processing machine (i.e., accounts that are valid only in the local network).
However, the username and password, which are confidential, are sent from the user's terminal to the web server via the wide area network, that is, through an external network. Further, a terminal connected to the wide area network may directly access a server that is connected to the local network. Therefore, a third party who steals the username and password gains access to the processes performed on the local network.
Further, to provide the service with the web server, the account of the web server is set so that other remote job requests may be generated with the web server account. Accordingly, even if the user account of the external connection machine and the account of the processing machine (the local network account) are separated, as described in Japanese Laid-Open Patent Publication No. 11-31132, a third party would have access to the processes performed on the local network as long as the third party uses the web server account.
Further, the external connection machine converts the external connection machine account to an account enabling access to resources of the local network and logs in to the local network using the converted account. Accordingly, a third party who steals the local network account would also have access to processes performed on the local network.
(2) Perform Exclusive Verification for External Connection
Verification is performed exclusively for the front end process to set an account for each user who logs in. The processes that may be performed in the front end process are restricted in accordance with the set account. In this manner, access is controlled in accordance with each account, or each user.
In this method, an external device does not have to acquire a local network account. However, since the verification result is valid only in the front end process (the web server), all jobs performed remotely use the user account of the front end process. Accordingly, every processing result file has the same owner information. This results in problems in the management of access rights. For example, suppose a number of departments are connected to a local network, including department A, which owns a file of client a, and department B, which owns a file of client b. A job requested by client a and a job requested by client b would run under the same user account. Thus, a person in department A would be able to access a file belonging to a client of department B, and vice versa. This is a problem when managing access rights (accounts).
Further, a user who can perform the front end process with the external connection machine has the right to send remote job requests to other machines connected to the local network without any further verification.
Normally, even a user having account or system management authority (a super user) must be verified in order to access other machines. However, if a third party steals a user account that has been verified in the front end process, the third party may be able to inflict a wide range of damage on the local network. Thus, there is a security problem with respect to attacks from outside the local network.
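The access-rights problem stated above (every remote job carrying the web server's account, so every result file has the same owner) and the department A / department B scenario of method (2) can be made concrete with a small model. The following is an added example, not code from the patent: a toy discretionary-access-control model of the processing machine with owner/group/other read bits, a front end that runs every job under one shared account, and, for contrast, a hypothetical front end that maps each verified external user to its own processing-machine account. All account names, group names, paths and job names are constructed for the illustration.

```python
# Added example (not from the patent). Toy model of the processing machine's
# file access control, used to show that when every job runs under the web
# server's account, one client's job can read another client's result file,
# and that mapping each external user to a distinct account restores the
# per-user restriction. Names and paths below are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class File:
    owner: str
    group: str
    mode: int  # Unix-style permission bits, e.g. 0o640


@dataclass
class ProcessingMachine:
    files: Dict[str, File] = field(default_factory=dict)
    groups: Dict[str, Set[str]] = field(default_factory=dict)  # group -> members

    def can_read(self, account: str, path: str) -> bool:
        """Owner / group / other check on the read bit of the file's mode."""
        f = self.files[path]
        if f.owner == account:
            return bool(f.mode & 0o400)
        if account in self.groups.get(f.group, set()):
            return bool(f.mode & 0o040)
        return bool(f.mode & 0o004)

    def write_result(self, account: str, path: str, group: str) -> File:
        """A job's output file is owned by whichever account ran the job."""
        self.files[path] = File(owner=account, group=group, mode=0o640)
        return self.files[path]


class SharedAccountFrontEnd:
    """Method (2) in the text: the web server verifies the external user, but
    every remote job it submits carries the web server's own account."""

    def __init__(self, machine: ProcessingMachine, account: str = "wwwsvc"):
        self.machine, self.account = machine, account

    def run(self, user: str, job: Callable):
        return job(self.machine, self.account)  # user identity is dropped here


class MappedAccountFrontEnd:
    """Hypothetical contrast: each verified external user is mapped to its own
    processing-machine account, so result files are owned per user."""

    def __init__(self, machine: ProcessingMachine, mapping: Dict[str, str]):
        self.machine, self.mapping = machine, mapping

    def run(self, user: str, job: Callable):
        account = self.mapping[user]  # KeyError for an unmapped user: fail closed
        return job(self.machine, account)


def make_result_job(path: str, group: str) -> Callable:
    return lambda machine, acct: machine.write_result(acct, path, group)


def make_read_job(path: str) -> Callable:
    return lambda machine, acct: machine.can_read(acct, path)


def cross_client_leak(front_end_cls, **kwargs) -> bool:
    """Run client_a's job, then ask whether client_b's job can read its result.
    Returns True when the per-user restriction is defeated."""
    machine = ProcessingMachine(groups={"deptA": {"a_acct"}, "deptB": {"b_acct"}})
    front_end = front_end_cls(machine, **kwargs)
    front_end.run("client_a", make_result_job("/results/client_a.out", "deptA"))
    return front_end.run("client_b", make_read_job("/results/client_a.out"))


def result_owner(front_end_cls, **kwargs) -> str:
    """Owner recorded on client_a's result file under the given front end."""
    machine = ProcessingMachine()
    front_end = front_end_cls(machine, **kwargs)
    return front_end.run("client_a", make_result_job("/results/client_a.out", "deptA")).owner


if __name__ == "__main__":
    mapping = {"client_a": "a_acct", "client_b": "b_acct"}
    print("shared account, owner:", result_owner(SharedAccountFrontEnd))
    print("shared account, client_b reads client_a:", cross_client_leak(SharedAccountFrontEnd))
    print("mapped accounts, owner:", result_owner(MappedAccountFrontEnd, mapping=mapping))
    print("mapped accounts, client_b reads client_a:",
          cross_client_leak(MappedAccountFrontEnd, mapping=mapping))
```

Under the shared front end the result file is owned by `wwwsvc`, and client_b's job, which also runs as `wwwsvc`, passes the owner check and reads it. Under the mapped front end the file is owned by `a_acct` with mode 0o640, and `b_acct` is neither the owner nor in `deptA`, so the read is denied. The model only covers the read bit; the same reasoning applies to write and execute.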
(3) Prepare a Processing Exclusive Machine
Prepare one or more exclusive machines that receive requests for performing jobs from the external connection machine. The one or more exclusive machines unconditionally accept requests from the external connection machine. In this case, the external connection machine and the processing exclusive machine form a group, which is separated from the local network by a firewall.
In this method, since the range of remote job requests is limited, the system is protected from attacks from outside the local network. However, the exclusive machine is separated from the local network by a firewall. Thus, a terminal connected to the local network cannot access the exclusive machine, and two machines must be prepared: one for accessing the local network and one as the exclusive machine. Further, the balance of processing load between local network work and external service work cannot be adjusted flexibly. Accordingly, the resources of the entire local network cannot be used effectively. In other words, the system does not have sufficient flexibility.